Tuesday, April 10, 2012

android reverse tools - ART

here's a cool tool i was shown the other day. it's an easy-mode gui for all your decompiling and recompiling needs. ordinarily this would be rather unimpressive. it's not too hard to write a little wrapper for some java commands, but he/she really put some polish on this.

not only does it come with everything you need, including java and bits of the android sdk, but it even has a slick manual and a complete walk-through for my lesson0.crackme0.

here's a screen shot of the app:

here's the link to download (24mb): http://ul.to/or3kme6t
virus scan: https://www.virustotal.com/file/f6ac4279161b666811d80736a7a23790709c5b3ccb36a8f83dd138d9601eb480/analysis/1334082130/

as a first exercise, i recommend that you update the apktool included with the pack. it may have gone out of date. you can update the other components if you're so inclined but it might not help much.

if you have any trouble decompiling or compiling, remember it's using apktool under the hood, so troubleshoot apktool first.

and if you want some more crackmes to try, here's deurus' profile on crackmes.de: http://crackmes.de/users/deurus

29 comments:

  1. I had already tried it :) really good tool! I'm writing something simple to help in decompiling *.so files.

    Really happy about the update of the blog!

    Nihilus

  2. you're writing a guide? cool! do a good job and i'll post it here. :D

    sometimes real life gets in the way and i don't get to update often. either that, or i am too busy learning new things. ;)

  3. Hell yeah! .so files are my weak point in reversing android ATM

  4. Thank you for sharing this android reverse program :)

  5. Ahah I'm trying to write a guide, but I think I have many other things to learn :) so, @Anonymous, would you like to help me? :)

    Sorry guys but I'm concentrated on another project at the moment. I'm writing an "Online Checkers" in Java for my graduation exam :)

  6. There is another tool like this, search XDAAutoTool. It is free and can decompile, recompile and a lot more.

  7. Works ok but i have some problem with zipaligned that erases all files but does not create the final one. Don't know why. Any ideas? i am using Windows 7

    Replies
    1. I have same problem....

  8. how to download apps from PlayShop to test cracking methods?

  9. Rick: thanks for the tip.

    Anonymous #1: not sure. ask deurus.

    Anonymous #2: the only official way to get them is to pay for them. we won't discuss how to get apks without paying for them here.

  10. HyT0m said:

    Hello! I'm trying to mod an apk but i have problems to recompile it, can you help me please? :)

    When i decompile it's all ok:
    I: Baksmaling...
    I: Loading resource table...
    I: Decoding resources...
    I: Loading resource table from file: C:\Users\XX\apktool\framework\1.apk
    I: Copying assets and libs...
    Presione una tecla para continuar . . .

    But to recompile i get this:
    Exception in thread "main" brut.androlib.AndrolibException: brut.directory.DirectoryException: java.io.FileNotFoundException: C:\Users\XX\Desktop\ART_by_deurus\decompiled_aplications\supi (El sistema no puede encontrar el archivo especificado)
    at brut.androlib.Androlib.readMetaFile(Unknown Source)
    at brut.androlib.Androlib.build(Unknown Source)
    at brut.androlib.Androlib.build(Unknown Source)
    at brut.apktool.Main.cmdBuild(Unknown Source)
    at brut.apktool.Main.main(Unknown Source)
    Caused by: brut.directory.DirectoryException: java.io.FileNotFoundException: C:\Users\XX\Desktop\ART_by_deurus\decompiled_aplications\supi (El sistema no puede encontrar el archivo especificado)
    at brut.directory.ZipRODirectory.<init>(Unknown Source)
    at brut.directory.ZipRODirectory.<init>(Unknown Source)
    at brut.androlib.res.util.ExtFile.getDirectory(Unknown Source)
    ... 5 more
    Caused by: java.io.FileNotFoundException: C:\Users\XX\Desktop\ART_by_deurus\decompiled_aplications\supi (El sistema no puede encontrar el archivo especificado)
    at java.util.zip.ZipFile.open(Native Method)
    at java.util.zip.ZipFile.<init>(Unknown Source)
    at java.util.zip.ZipFile.<init>(Unknown Source)
    ... 8 more
    Presione una tecla para continuar . . .


    I have tried with other apps and no problem! It's not a system app.

  11. HyT0m, have you tried updating the apktool contained in art and also deleting framework/1.apk?

    it is complaining that this does not exist: C:\Users\XX\Desktop\ART_by_deurus\decompiled_aplications\supi

    can you confirm it does exist?

    have you tried using just apktool by itself?

  12. HyT0m says:

    Yes, the directory exists.
    i tried using apktool by itself, with apk multitool, i tried to rename to zip and with smali decompile the dex file... i tried it all. It's not the first time that this occurs :(

    The first time that this occurred was with the Lastpass Dolphin Plugin, finally i desisted. I think that the problem was that it is not an app, it is a plugin.
    But this time it is an app that i cracked in the earlier version, but with the new one i can't recompile it.

  13. HyT0m, the app may be detected by anti-virus as a hack tool or something similar. you may need to disable anti-virus. if it is just detected as a hack tool, that is ok. but if you downloaded from an untrusted source, scan with an online tool before installing to phone.

  14. HyT0m:
    Yes, it's a hacking tool (but not a virus :)). It is for scanning a wifi and searching for vulnerabilities, to sniff and make a Man in The Middle.. it's very interesting! :D
    i can send you the earlier version that i cracked (i think it is still usable)

  15. Hi lohan+, I'm trying to output a boolean from a program to logcat. This is what I'm trying:


    Existing code (Normally returns v0 right after this)
    -----------------------------------------
    invoke-virtual {v0}, Lcom/smoke/d/c;->m()Z

    move-result v0
    -----------------------------------------

    Added code:
    #########################################
    const-string v5, "mytag"

    invoke-virtual {v0}, Ljava/lang/Object;->toString()Ljava/lang/String;

    move-result-object v6

    invoke-static {v5, v6}, Lcom/smoke/d/lohanLog;->Log(Ljava/lang/String;Ljava/lang/String;)V
    #########################################

    But the app just keeps force closing when I start it up...

    Any suggestions?

    Thanks

    Replies
    1. And btw, I'm just trying it this way, because using lohanLog's Log(Object;String) method causes the same problem...

      Thanks again

    2. hello EvanVanVAn, m()Z returns a primitive boolean type, not a java/lang/Boolean object. so later on when you try to call toString on it, you will get an error because v0 is only a primitive boolean. make sense?

      also, Object.toString() returns a hash code. you do not want this. Boolean.toString() will give you what you want, but you would have to convert v0 to a Boolean like this:
      new-instance v6, Ljava/lang/Boolean;
      invoke-direct {v6, v0}, Ljava/lang/Boolean;-><init>(Z)V
      invoke-virtual {v6}, Ljava/lang/Boolean;->toString()Ljava/lang/String;
      move-result-object v6

      i based the smali off of this java:
      boolean v0 = false;
      Boolean b = new Boolean(v0);
      b.toString();

      i tested what the android compiler would do with this, to see if it was cleaner:
      boolean a = false;
      Log.d("tag", "" + a);

      and it creates a StringBuilder, appends the boolean with append(Z) and then converts the StringBuilder to a string. interesting, but not much better than converting to Boolean, unless you are doing it several thousand times. then maybe one is faster than the other.

      you could use the above boolean to Boolean convert or, if using lohanLog, just use log(Z) instead of log(Ljava/lang/String)

      understanding the error message that immediately preceded the force close would help you, also. they are sometimes difficult to penetrate but worth it in the long run.

    3. Thanks a lot man, yeah I knew it had to be a primitive vs object problem. Should have remembered, converting all those ints -> Integers. Didn't do it nearly as often with Booleans I don't think. Makes a lot of sense though.

      Thanks again for the website and great tutorials (I wish there were more! beggars can't be choosers though :) )

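The reply above, carried through as a complete, assemblable method (an added example, not code from the original post or its author): the primitive Z returned by m()Z is turned into a String with the static String.valueOf(Z), so no Boolean object and no <init> call are needed, and the result goes to android.util.Log instead of the commenter's lohanLog helper. Lcom/smoke/d/c;->m()Z and the "mytag" tag are the post's own; the method name logCheck, its register count and the assumption that it sits inside com.smoke.d.c (so p0 is the receiver) are constructed for the example.

```smali
# Constructed example: instrumenting a smali method to log a primitive boolean.
# Assumed to live in Lcom/smoke/d/c; so p0 is the instance whose m()Z we call.
# .locals is set to 3 so v0..v2 exist; check the real method's count before patching,
# because using a register above .locals is exactly the kind of thing that force-closes.
.method private logCheck()V
    .locals 3

    # original check (from the post): returns a primitive Z, not a java/lang/Boolean
    invoke-virtual {p0}, Lcom/smoke/d/c;->m()Z
    move-result v0

    # String.valueOf(Z) is static, so the primitive goes straight in; no new-instance needed
    invoke-static {v0}, Ljava/lang/String;->valueOf(Z)Ljava/lang/String;
    move-result-object v1

    # Log.d(String tag, String msg) returns an int we can simply ignore
    const-string v2, "mytag"
    invoke-static {v2, v1}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I

    # Equivalent route the reply mentions (what javac/dx emit for "" + a), kept for reference:
    # new-instance v1, Ljava/lang/StringBuilder;
    # invoke-direct {v1}, Ljava/lang/StringBuilder;-><init>()V
    # invoke-virtual {v1, v0}, Ljava/lang/StringBuilder;->append(Z)Ljava/lang/StringBuilder;
    # move-result-object v1
    # invoke-virtual {v1}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
    # move-result-object v1

    return-void
.end method
```

Once the rebuilt apk is installed, `adb logcat -s mytag` shows only lines with that tag, and the exception that precedes a force close is in the same logcat stream, which is where to look first when a patch crashes.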
  16. it would be awesome if this were available to Ubuntu users

  17. Hello,
    I'm decompiling a .dex file Using the following command:
    java -jar baksmali.jar -o dexout classes.dex

    I didn't edit any of the code then recompiled it using the following command:
    java -Xmx512M -jar smali.jar dexout -o new-classes.dex

    Now, when I make a diff comparison between classes.dex and new-classes.dex, I notice that there is a big difference (Using Hex WorkShop and Some Other Comparison Software)

    Keeping in mind that the functionality of the two files will be the same.
    But for some reason, I want them to be the same, please let me know how can that be done?

  18. Anonymous,
    different compilers produce different results. the original classes.dex you are working with was most likely produced by the compiler in the android-sdk. the only way, really, to produce the exact same result is to also use the android compiler from source. using baksmali to decompile and then smali to compile again will, naturally, produce very different results in all but the most trivial of cases.

    why, exactly, would you need to do something so pointless as to decompile and recompile without making any changes to the smali or even the original whatsoever?

  19. I was just making a test, I wanted to check if I get the exact same result, then I would make the change, then compare and then make a patch to the original file.

  20. how can i insert signature like "Hacked By Me" in my testapk?

    .method public onCreate(Landroid/os/Bundle;)V
    .locals 4
    .parameter "savedInstanceState"

    const/4 v0, 0x1

    const-string v1, "Cracked by bigGenius"

    invoke-static {p0, v1, v0}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;

    move-result-object v0

    invoke-virtual {v0}, Landroid/widget/Toast;->show()V


    Please explain it to me in detail. how can this be implemented?

  21. Link is not downloadable now, Please send me the new link for the software.

    -venkatbecool@gmail.com.

  22. "Access to the path 'C:\WINDOWS\aapt.exe' is denied" - What should I do?

    Replies
    1. Just copy aapt.exe to the %Windows% folder, or add the path to aapt.exe into PATH from Environment variables
